mirror of https://github.com/arendst/Tasmota.git
Merge pull request #17270 from s-hadinger/berry_crypto_def
Berry crypto module, with AES_GCM by default and EC_CC25519 optional
This commit is contained in:
commit
e7d40b8d11
|
@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
|
||||||
## [12.2.0.6]
|
## [12.2.0.6]
|
||||||
### Added
|
### Added
|
||||||
- Serial Modbus transmit enable GPIOs to all modbus energy drivers and modbus bridge (#17247)
|
- Serial Modbus transmit enable GPIOs to all modbus energy drivers and modbus bridge (#17247)
|
||||||
|
- Berry crypto module, with AES_GCM by default and EC_CC25519 optional
|
||||||
|
|
||||||
### Breaking Changed
|
### Breaking Changed
|
||||||
|
|
||||||
|
|
|
@ -164,9 +164,7 @@ BERRY_LOCAL const bntvmodule* const be_module_table[] = {
|
||||||
&be_native_module(flash),
|
&be_native_module(flash),
|
||||||
&be_native_module(partition_core),
|
&be_native_module(partition_core),
|
||||||
&be_native_module(crc),
|
&be_native_module(crc),
|
||||||
#ifdef USE_ALEXA_AVS
|
|
||||||
&be_native_module(crypto),
|
&be_native_module(crypto),
|
||||||
#endif
|
|
||||||
#if defined(USE_BERRY_ULP) && ((CONFIG_IDF_TARGET_ESP32) || defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3))
|
#if defined(USE_BERRY_ULP) && ((CONFIG_IDF_TARGET_ESP32) || defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3))
|
||||||
&be_native_module(ULP),
|
&be_native_module(ULP),
|
||||||
#endif // USE_BERRY_ULP
|
#endif // USE_BERRY_ULP
|
||||||
|
|
|
@ -7,8 +7,6 @@
|
||||||
*******************************************************************/
|
*******************************************************************/
|
||||||
#include "be_constobj.h"
|
#include "be_constobj.h"
|
||||||
|
|
||||||
#ifdef USE_ALEXA_AVS
|
|
||||||
|
|
||||||
extern int m_aes_gcm_init(bvm *vm);
|
extern int m_aes_gcm_init(bvm *vm);
|
||||||
extern int m_aes_gcm_encryt(bvm *vm);
|
extern int m_aes_gcm_encryt(bvm *vm);
|
||||||
extern int m_aes_gcm_decryt(bvm *vm);
|
extern int m_aes_gcm_decryt(bvm *vm);
|
||||||
|
@ -23,7 +21,7 @@ extern int m_ec_c25519_sharedkey(bvm *vm);
|
||||||
|
|
||||||
/* @const_object_info_begin
|
/* @const_object_info_begin
|
||||||
|
|
||||||
class be_class_aes_gcm (scope: global, name: AES_GCM, strings: weak) {
|
class be_class_aes_gcm (scope: global, name: AES_GCM) {
|
||||||
.p1, var
|
.p1, var
|
||||||
.p2, var
|
.p2, var
|
||||||
|
|
||||||
|
@ -33,16 +31,14 @@ class be_class_aes_gcm (scope: global, name: AES_GCM, strings: weak) {
|
||||||
tag, func(m_aes_gcm_tag)
|
tag, func(m_aes_gcm_tag)
|
||||||
}
|
}
|
||||||
|
|
||||||
class be_class_ec_c25519 (scope: global, name: EC_C25519, strings: weak) {
|
class be_class_ec_c25519 (scope: global, name: EC_C25519) {
|
||||||
public_key, func(m_ec_c25519_pubkey)
|
public_key, func(m_ec_c25519_pubkey)
|
||||||
shared_key, func(m_ec_c25519_sharedkey)
|
shared_key, func(m_ec_c25519_sharedkey)
|
||||||
}
|
}
|
||||||
|
|
||||||
module crypto (scope: global, strings: weak) {
|
module crypto (scope: global) {
|
||||||
AES_GCM, class(be_class_aes_gcm)
|
AES_GCM, class(be_class_aes_gcm)
|
||||||
EC_C25519, class(be_class_ec_c25519)
|
EC_C25519, class(be_class_ec_c25519)
|
||||||
}
|
}
|
||||||
|
|
||||||
@const_object_info_end */
|
@const_object_info_end */
|
||||||
|
|
||||||
#endif // USE_ALEXA_AVS
|
|
||||||
|
|
|
@ -1096,6 +1096,9 @@
|
||||||
#define USE_BERRY_WEBCLIENT_TIMEOUT 2000 // Default timeout in milliseconds
|
#define USE_BERRY_WEBCLIENT_TIMEOUT 2000 // Default timeout in milliseconds
|
||||||
#define USE_BERRY_TCPSERVER // Enable TCP socket server (+0.6k)
|
#define USE_BERRY_TCPSERVER // Enable TCP socket server (+0.6k)
|
||||||
// #define USE_BERRY_ULP // Enable ULP (Ultra Low Power) support (+4.9k)
|
// #define USE_BERRY_ULP // Enable ULP (Ultra Low Power) support (+4.9k)
|
||||||
|
// Berry crypto extensions below:
|
||||||
|
#define USE_BERRY_CRYPTO_AES_GCM // enable AES GCM 256 bits
|
||||||
|
// #define USE_BERRY_CRYPTO_EC_C25519 // enable Elliptic Curve C C25519
|
||||||
#define USE_CSE7761 // Add support for CSE7761 Energy monitor as used in Sonoff Dual R3
|
#define USE_CSE7761 // Add support for CSE7761 Energy monitor as used in Sonoff Dual R3
|
||||||
|
|
||||||
// -- LVGL Graphics Library ---------------------------------
|
// -- LVGL Graphics Library ---------------------------------
|
||||||
|
@ -1232,7 +1235,7 @@
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(USE_MQTT_TLS) || defined(USE_TELEGRAM) || defined(USE_WEBCLIENT_HTTPS) || defined(USE_ALEXA_AVS)
|
#if defined(USE_MQTT_TLS) || defined(USE_TELEGRAM) || defined(USE_WEBCLIENT_HTTPS)
|
||||||
#define USE_TLS // flag indicates we need to include TLS code
|
#define USE_TLS // flag indicates we need to include TLS code
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,6 @@
|
||||||
|
|
||||||
|
|
||||||
#ifdef USE_BERRY
|
#ifdef USE_BERRY
|
||||||
#ifdef USE_ALEXA_AVS
|
|
||||||
|
|
||||||
#include <berry.h>
|
#include <berry.h>
|
||||||
#include "be_mem.h"
|
#include "be_mem.h"
|
||||||
|
@ -34,6 +33,7 @@ extern "C" {
|
||||||
// `AES_GCM.init(secret_key:bytes(32), iv:bytes(12)) -> instance`
|
// `AES_GCM.init(secret_key:bytes(32), iv:bytes(12)) -> instance`
|
||||||
int32_t m_aes_gcm_init(struct bvm *vm);
|
int32_t m_aes_gcm_init(struct bvm *vm);
|
||||||
int32_t m_aes_gcm_init(struct bvm *vm) {
|
int32_t m_aes_gcm_init(struct bvm *vm) {
|
||||||
|
#ifdef USE_BERRY_CRYPTO_AES_GCM
|
||||||
int32_t argc = be_top(vm); // Get the number of arguments
|
int32_t argc = be_top(vm); // Get the number of arguments
|
||||||
if (argc >= 3 && be_isinstance(vm, 2) && be_isinstance(vm, 3)) {
|
if (argc >= 3 && be_isinstance(vm, 2) && be_isinstance(vm, 3)) {
|
||||||
do {
|
do {
|
||||||
|
@ -77,11 +77,15 @@ extern "C" {
|
||||||
} while (0);
|
} while (0);
|
||||||
}
|
}
|
||||||
be_raise(vm, kTypeError, nullptr);
|
be_raise(vm, kTypeError, nullptr);
|
||||||
|
#else // USE_BERRY_CRYPTO_AES_GCM
|
||||||
|
be_raise(vm, "Not implemented", nullptr);
|
||||||
|
#endif // USE_BERRY_CRYPTO_AES_GCM
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t m_aes_gcm_encryt(bvm *vm);
|
int32_t m_aes_gcm_encryt(bvm *vm);
|
||||||
int32_t m_aes_gcm_decryt(bvm *vm);
|
int32_t m_aes_gcm_decryt(bvm *vm);
|
||||||
int32_t m_aes_gcm_encrypt_or_decryt(bvm *vm, int encrypt) {
|
int32_t m_aes_gcm_encrypt_or_decryt(bvm *vm, int encrypt) {
|
||||||
|
#ifdef USE_BERRY_CRYPTO_AES_GCM
|
||||||
int32_t argc = be_top(vm); // Get the number of arguments
|
int32_t argc = be_top(vm); // Get the number of arguments
|
||||||
if (argc >= 2 && be_isinstance(vm, 2)) {
|
if (argc >= 2 && be_isinstance(vm, 2)) {
|
||||||
do {
|
do {
|
||||||
|
@ -111,15 +115,27 @@ extern "C" {
|
||||||
} while (0);
|
} while (0);
|
||||||
}
|
}
|
||||||
be_raise(vm, kTypeError, nullptr);
|
be_raise(vm, kTypeError, nullptr);
|
||||||
|
#else // USE_BERRY_CRYPTO_AES_GCM
|
||||||
|
be_raise(vm, "Not implemented", nullptr);
|
||||||
|
#endif // USE_BERRY_CRYPTO_AES_GCM
|
||||||
}
|
}
|
||||||
int32_t m_aes_gcm_encryt(bvm *vm) {
|
int32_t m_aes_gcm_encryt(bvm *vm) {
|
||||||
|
#ifdef USE_BERRY_CRYPTO_AES_GCM
|
||||||
return m_aes_gcm_encrypt_or_decryt(vm, 1);
|
return m_aes_gcm_encrypt_or_decryt(vm, 1);
|
||||||
|
#else // USE_BERRY_CRYPTO_AES_GCM
|
||||||
|
be_raise(vm, "Not implemented", nullptr);
|
||||||
|
#endif // USE_BERRY_CRYPTO_AES_GCM
|
||||||
}
|
}
|
||||||
int32_t m_aes_gcm_decryt(bvm *vm) {
|
int32_t m_aes_gcm_decryt(bvm *vm) {
|
||||||
|
#ifdef USE_BERRY_CRYPTO_AES_GCM
|
||||||
return m_aes_gcm_encrypt_or_decryt(vm, 0);
|
return m_aes_gcm_encrypt_or_decryt(vm, 0);
|
||||||
|
#else // USE_BERRY_CRYPTO_AES_GCM
|
||||||
|
be_raise(vm, "Not implemented", nullptr);
|
||||||
|
#endif // USE_BERRY_CRYPTO_AES_GCM
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t m_aes_gcm_tag(bvm *vm) {
|
int32_t m_aes_gcm_tag(bvm *vm) {
|
||||||
|
#ifdef USE_BERRY_CRYPTO_AES_GCM
|
||||||
do {
|
do {
|
||||||
be_getglobal(vm, "bytes"); /* get the bytes class */ /* TODO eventually replace with be_getbuiltin */
|
be_getglobal(vm, "bytes"); /* get the bytes class */ /* TODO eventually replace with be_getbuiltin */
|
||||||
|
|
||||||
|
@ -137,6 +153,9 @@ extern "C" {
|
||||||
// success
|
// success
|
||||||
} while (0);
|
} while (0);
|
||||||
be_raise(vm, kTypeError, nullptr);
|
be_raise(vm, kTypeError, nullptr);
|
||||||
|
#else // USE_BERRY_CRYPTO_AES_GCM
|
||||||
|
be_raise(vm, "Not implemented", nullptr);
|
||||||
|
#endif // USE_BERRY_CRYPTO_AES_GCM
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -151,6 +170,7 @@ extern "C" {
|
||||||
// Computes the public key from a completely random private key of 32 bytes
|
// Computes the public key from a completely random private key of 32 bytes
|
||||||
int32_t m_ec_c25519_pubkey(bvm *vm);
|
int32_t m_ec_c25519_pubkey(bvm *vm);
|
||||||
int32_t m_ec_c25519_pubkey(bvm *vm) {
|
int32_t m_ec_c25519_pubkey(bvm *vm) {
|
||||||
|
#ifdef USE_BERRY_CRYPTO_EC_C25519
|
||||||
int32_t argc = be_top(vm); // Get the number of arguments
|
int32_t argc = be_top(vm); // Get the number of arguments
|
||||||
if (argc >= 2 && be_isbytes(vm, 2)) {
|
if (argc >= 2 && be_isbytes(vm, 2)) {
|
||||||
size_t buf_len = 0;
|
size_t buf_len = 0;
|
||||||
|
@ -173,12 +193,16 @@ extern "C" {
|
||||||
be_raise(vm, "value_error", "invalid input");
|
be_raise(vm, "value_error", "invalid input");
|
||||||
}
|
}
|
||||||
be_raise(vm, kTypeError, nullptr);
|
be_raise(vm, kTypeError, nullptr);
|
||||||
|
#else // USE_BERRY_CRYPTO_EC_C25519
|
||||||
|
be_raise(vm, "Not implemented", nullptr);
|
||||||
|
#endif // USE_BERRY_CRYPTO_EC_C25519
|
||||||
}
|
}
|
||||||
|
|
||||||
// crypto.EC_C25519().shared_key(my_private_key:bytes(32), their_public_key:bytes(32)) -> bytes(32)
|
// crypto.EC_C25519().shared_key(my_private_key:bytes(32), their_public_key:bytes(32)) -> bytes(32)
|
||||||
// Computes the shared pre-key. Normally this shared pre-key is hashed with another algorithm.
|
// Computes the shared pre-key. Normally this shared pre-key is hashed with another algorithm.
|
||||||
int32_t m_ec_c25519_sharedkey(bvm *vm);
|
int32_t m_ec_c25519_sharedkey(bvm *vm);
|
||||||
int32_t m_ec_c25519_sharedkey(bvm *vm) {
|
int32_t m_ec_c25519_sharedkey(bvm *vm) {
|
||||||
|
#ifdef USE_BERRY_CRYPTO_EC_C25519
|
||||||
int32_t argc = be_top(vm); // Get the number of arguments
|
int32_t argc = be_top(vm); // Get the number of arguments
|
||||||
if (argc >= 3 && be_isbytes(vm, 2) && be_isbytes(vm, 3)) {
|
if (argc >= 3 && be_isbytes(vm, 2) && be_isbytes(vm, 3)) {
|
||||||
size_t sk_len = 0;
|
size_t sk_len = 0;
|
||||||
|
@ -204,8 +228,10 @@ extern "C" {
|
||||||
be_raise(vm, "value_error", "invalid input");
|
be_raise(vm, "value_error", "invalid input");
|
||||||
}
|
}
|
||||||
be_raise(vm, kTypeError, nullptr);
|
be_raise(vm, kTypeError, nullptr);
|
||||||
|
#else // USE_BERRY_CRYPTO_EC_C25519
|
||||||
|
be_raise(vm, "Not implemented", nullptr);
|
||||||
|
#endif // USE_BERRY_CRYPTO_EC_C25519
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif // USE_ALEXA_AVS
|
|
||||||
#endif // USE_BERRY
|
#endif // USE_BERRY
|
||||||
|
|
Loading…
Reference in New Issue